✨ cloud/services: add bastion host service #708
/cc @devigned @CecileRobertMichon
everything looks good, but how will this be used by controllers?
PR looks pretty solid. We do need to discuss behavior around the public IP.
} | ||
|
||
// Delete deletes the bastion host with the provided scope. | ||
func (s *Service) Delete(ctx context.Context, spec interface{}) error { |
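Review bot: The doc comment on `Delete` says it deletes the bastion host "with the provided scope", but the signature takes `spec interface{}`, so the comment should name the spec instead. Because `spec` is untyped, a wrong argument is only caught at runtime; the body should use a checked type assertion and return an error for an unexpected type rather than panic.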
`Delete` will only delete the bastion service. If a public IP address was created in the `Reconcile` func, then it seems like it should be cleaned up here too.
Here is a similar scenario where a public IP is provided by the user. We should decide on a way to represent ownership of the Azure resource to help us understand how to act during provisioning and deprovisioning.
/cc @alexeldeib and @CecileRobertMichon
Yes, I was thinking about whether the user needs to provide the IP or CAPZ will create it, and I'm not sure which path to follow; that is why I implemented it that way. If we decide the user needs to provide the IP, then I can remove the creation part.
I was following a similar approach to the one the VMs use to create the IP.
I don't have strong opinions on that; I think it should follow what the team wants for this.
I agree the IP should be created if it doesn't exist in a similar manner as VMs. Where this implementation differs is that it does not delete the IP when the bastion host is deleted. That means, the IP which is created in the `Create` func may not get deleted, but should be deleted if it was created in the `Create` func.
If created in `Create`, the IP should be deleted in `Delete` (imo).
FYI #716 will impact this change... We might want to use the same Reconcile/Delete for Bastion IPs as other public IPs (see how Reconcile() is used for VM public IPs in #716) and use tags (similar to resource group and vnet tags) to mark the IP as "owned"/managed by CAPZ. When deleting IPs, it should only delete the ones that are owned by that CAPZ cluster.
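The ownership rule discussed in this thread, sketched as an added example; it is not code from this PR or from CAPZ. `FakeCloud`, `PublicIP`, `ReconcileIP`, `DeleteIP` and the tag key format are hypothetical names standing in for the Azure API and the real tag scheme.

```go
package main

import (
	"errors"
	"fmt"
)

// PublicIP is a simplified stand-in for an Azure public IP resource.
type PublicIP struct {
	Name string
	Tags map[string]string
}

// FakeCloud is an in-memory store standing in for the Azure API.
type FakeCloud struct{ IPs map[string]*PublicIP }

var ErrNotOwned = errors.New("public IP is not owned by this cluster")

// ownedTagKey builds a hypothetical tag key; the real key format is not shown on the page.
func ownedTagKey(cluster string) string { return "example.invalid/cluster/" + cluster }

// ReconcileIP creates and tags the IP only when absent; a pre-existing
// (user-provided) IP is reused with its tags left unchanged.
func (c *FakeCloud) ReconcileIP(cluster, name string) *PublicIP {
	if ip, ok := c.IPs[name]; ok {
		return ip
	}
	ip := &PublicIP{Name: name, Tags: map[string]string{ownedTagKey(cluster): "owned"}}
	c.IPs[name] = ip
	return ip
}

// DeleteIP removes the IP only if this cluster's ownership tag is present.
func (c *FakeCloud) DeleteIP(cluster, name string) error {
	ip, ok := c.IPs[name]
	if !ok {
		return nil // already gone: keeps Delete idempotent
	}
	if ip.Tags[ownedTagKey(cluster)] != "owned" {
		return ErrNotOwned
	}
	delete(c.IPs, name)
	return nil
}

func main() {
	cloud := &FakeCloud{IPs: map[string]*PublicIP{"user-ip": {Name: "user-ip"}}} // constructed sample
	cloud.ReconcileIP("c1", "bastion-ip")
	cloud.ReconcileIP("c1", "user-ip")
	fmt.Println(cloud.DeleteIP("c1", "bastion-ip"), cloud.DeleteIP("c1", "user-ip"))
}
```

A caller tearing down the bastion host can treat `ErrNotOwned` as "skip" so that a user-provided IP survives cluster deletion, while an IP created during reconcile does not linger as an unattended public endpoint.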
#716 merged so you should be able to reuse it now.
@CecileRobertMichon updated this PR to use the new way for services
@nader-ziada sorry for the delay in replying. We discussed this in this thread; the idea was to add the service first and add the controller code in other follow-ups, to make it a bit easier to review and to take baby steps 😄 Also I can deliver small things a bit faster
@devigned thanks for your review.
f1c84c8 to a2094fc
/test pull-cluster-api-provider-azure-e2e
a2094fc to 801d896
/test pull-cluster-api-provider-azure-test
/lgtm
/approve
I think we should consider adding the initial bastion types into experimental for a couple of releases to allow some settling when they are introduced.
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: devigned
@cpanato I think this is good once it's rebased
801d896 to c139925
c139925 to 05f5211
05f5211 to 99f90b1
@nader-ziada rebased, sorry for the delay
I might not have had enough coffee yet, but looks like `cloud/services/bastionhosts/bastionhosts_test.go` could use a `go fmt`.
it might be GitHub somehow, looked fine when I pulled down the PR
@devigned @nader-ziada applied here and did not get any differences, but it could also be that I had too much coffee for today :)
lgtm
@nader-ziada or @CecileRobertMichon any comments?
lgtm but will let @devigned take another look if he wants to
/lgtm
What this PR does / why we need it:
Add initial implementation for a new cloud service to be able to create Azure Bastion Hosts
Which issue(s) this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged): Fixes partially #165
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.